Implementing claims-based security (WCF/ASP.NET)

Submitted by Deadly on 2019-12-20 14:19:30

Question


After researching the topic of claims-based security (or a federated security model), I've been coming across many examples that use CardSpace as an example. The main article that I read that gave a really great explanation of the subject was a PDF by Microsoft on a framework called Zermatt.

The claims-based security architecture I'm looking into is the equivalent of implementing an STS Authentication Broker in combination with an STS Authorization Broker. This way, when I create a new service all I need to do is ensure that the service will only accept claims issued by the Authorization Broker. And as noted in the article, the Authorization Broker would only accept claims issued by the Authentication Broker.

When that's set up, any time a client attempts to use the new service, it must authenticate with the Authentication Broker (issuing an authenticated claim) and then get authorized with the Authorization Broker (issuing an authorized claim).

This is all fine and dandy and the architecture is clear, but I don't see exactly how to implement an STS. As I mentioned, most (if not all) examples around the web are showing how to use CardSpace, but that doesn't exactly work when you have a database backing up your authentication scheme.

Sample Scenario

[Image: http://img512.imageshack.us/img512/8329/claimsbasedsecurityza6.jpg]
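
The trust chain described in the question above, as an added example that is not part of the original post or of any answer: a Python sketch in which a database-backed Authentication Broker issues an identity token, the Authorization Broker accepts only that issuer's tokens, and the service accepts only the Authorization Broker's. The HMAC keys, the user and role tables, and all function names are constructed for illustration; a real STS signs with its X.509 key, and expiry and audience checks are omitted here.

```python
import base64, hashlib, hmac, json

# Constructed demo keys; a real STS signs with its X.509 private key.
KEYS = {"authn-broker": b"authn-demo-key", "authz-broker": b"authz-demo-key"}
# Constructed stand-ins for the user database and the role table.
SALT = b"demo-salt"
USERS = {"alice": hashlib.pbkdf2_hmac("sha256", b"s3cret", SALT, 1000)}
ROLES = {"alice": ["orders.read"]}

def issue(issuer, claims):
    """Serialize the claims plus the issuer name and sign with the issuer's key."""
    body = json.dumps({"iss": issuer, **claims}, sort_keys=True).encode()
    sig = hmac.new(KEYS[issuer], body, hashlib.sha256).digest()
    return base64.b64encode(body).decode() + "." + base64.b64encode(sig).decode()

def accept(token, trusted_issuer):
    """Return the claims only if the token was signed by trusted_issuer."""
    try:
        b, s = token.split(".")
        body, sig = base64.b64decode(b), base64.b64decode(s)
    except ValueError:
        raise PermissionError("malformed token")
    good = hmac.new(KEYS[trusted_issuer], body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, good):
        raise PermissionError("not signed by " + trusted_issuer)
    claims = json.loads(body)
    if claims.get("iss") != trusted_issuer:
        raise PermissionError("unexpected issuer")
    return claims

def authenticate(user, password):
    """Authentication Broker: check the database, then issue an identity claim."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 1000)
    if not hmac.compare_digest(USERS.get(user, b""), digest):
        raise PermissionError("bad credentials")
    return issue("authn-broker", {"sub": user})

def authorize(authn_token):
    """Authorization Broker: accepts only Authentication Broker tokens."""
    sub = accept(authn_token, "authn-broker")["sub"]
    return issue("authz-broker", {"sub": sub, "perms": ROLES.get(sub, [])})

def service(authz_token, needed="orders.read"):
    """Service: accepts only Authorization Broker tokens."""
    claims = accept(authz_token, "authz-broker")
    if needed not in claims["perms"]:
        raise PermissionError("missing permission")
    return "orders for " + claims["sub"]
```

Each party holds only the verification key of the one issuer it trusts, so a token from the Authentication Broker presented directly to the service fails the signature check.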


Answer 1:


I think I found my answer :D

http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel
http://www.theserverside.net/tt/articles/showarticle.tss?id=ClaimsBasedSecurityModel2

And then there's the latest Microsoft Geneva Framework announced at PDC. Perfect for what I need. (now if only my own answer were marked as the answer :P)

http://www.microsoft.com/geneva




Answer 2:


The best thing to implement an STS on the Windows platform is to use AD FS.

See this blog for details, http://blogs.msdn.com/vbertocci/archive/2007/11/19/developing-a-minimal-sts-with-adfs-2-identity-framework-part-i-the-sts-itself.aspx.



Source: https://stackoverflow.com/questions/232842/implementing-claims-based-security-wcf-asp-net
